Exploit affects RTF documents for Microsoft Word on Windows and Mac

Exploit affects RTF documents for Microsoft Word on Windows and Mac

Microsoft published 23 security updates on Tuesday, 8th May, which users of Microsoft Windows should install. There is one particular update that patches a security vulnerability that affects RTF documents. Windows and Mac users are potentially both affected by this vulnerability.

Mac users should install the patch as a matter of urgency, like Windows users, to protect against any further malware attacks, given the recent interest by cybercriminals.

How the exploit affects RTF documents

RTF is the file type for Rich Text Format documents. Unlike DOC files, which can only be edited by Microsoft Word, RTF can be used by most word processors and allows documents to be shared. Microsoft Word’s DOC files allow macros to be programmed and run, which allows common tasks to be automated. RTF documents don’t support macros and are generally more trusted. However, this security vulnerability allows such code to be executed from an RTF file that is opened in Microsoft Word.

In theory, this could give the potential for a cybercriminal to gain access to your files, or to your system to install additional malware, simply by opening a malicious RTF document.